US8253531B2 - On chip verification and consequent enablement of card OS operation in smart cards - Google Patents


Info

Publication number: US8253531B2
Authority: US (United States)
Prior art keywords: flag, operating system, smart card, card, user
Legal status: Expired - Fee Related
Application number: US12/411,631
Other versions: US20100245037A1
Inventors: John F. Davis; Sheldon M. Osborne; Frederick I. Reed, III; Wei Kai Xie
Current Assignee: International Business Machines Corp
Original Assignee: International Business Machines Corp

Events:
Application filed by International Business Machines Corp
Priority to US12/411,631
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION (assignment of assignors interest; see document for details). Assignors: DAVIS, JOHN F., XIE, WEI KAI, REED, FREDERICK I., III, OSBORNE, SHELDON M.
Publication of US20100245037A1
Application granted
Publication of US8253531B2

Classifications

    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3563 Software being resident on card
    • G06Q20/40145 Biometric identity checks
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07C9/26 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data



Abstract

On Chip Smart Card verification of a cardholder using biometrics such as a fingerprint and consequent enablement of a card operating system, having an additional software layer boot prior to the commercial card operating system booting. This software layer, or boot loader, provides the drivers and functionality for the finger print sensor and on-card matching. If the cardholder is successfully authenticated, the unmodified commercial OS is then allowed to boot. If the cardholder does not authenticate with the boot loader then the card does not boot the card operating system and thus cannot be used for financial transactions.

Description

BACKGROUND
1. Field of the Invention
The invention relates to biometric identification such as fingerprint verification. More particularly, the invention relates to a system for on chip verification and consequent enablement of card OS operation using smart cards.
2. Description of the Background
Smart cards are usually, although not necessarily, the size of a standard credit card, but contain some form of electrical circuitry, usually in the form of one or more integrated circuits (ICs). Simple smart cards may function only as a memory, but more complex ones include a Central Processing Unit (CPU), so as to be able to process data in various ways. This processing is often limited to controlling access to the memory in some way or other, to prevent unauthorized changes to the data stored there.
An example of a smart card is shown in FIG. 4, which shows a card 490 including a CPU 400 with a card operating system 410 and contacts 430 to connect to external readers and biometric sensors, for example.
Various operating systems have been implemented in smart cards having a CPU. Early smart card operating systems were dedicated to a single application for using the card, whereas later operating systems have been developed for multiple applications, and Java cards have also been developed, in which the Java operating system is employed so that applications could be portable between cards.
Smart cards have been used as credit cards, charge cards, and debit cards, as well as for access to mass transit and parking, to store health records, as identity badges, and for secure access to a Local Area Network (LAN), as well as in cellular phones and cable TV set-top boxes, amongst other applications. However, to date there has not been a viable commercial application of on card verification of a cardholder using biometrics such as a fingerprint. Present identity verification schemes generally either rely upon cryptography, or rely upon biometric identity verification that does not take place on the card itself.
Operating systems from commercial vendors such as Giesecke & Devrient GmbH (G&D) exist which have on-chip fingerprint matching, but an off-card reader scans the fingerprint. There are also companies such as Fidelica Microsystems, Inc. that provide on chip finger print sensors and verification but they use a proprietary, experimental OS and not a commercial grade publicly available OS.
BRIEF SUMMARY
A method is provided for biometric authentication for a smart card, including bootstrap loading the smart card with an input/output operating system, checking whether a flag is set, reading biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set, setting the flag if the user is authenticated according to the biometric information, and loading the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.
In one embodiment, the reading of the biometric information of the user comprises reading a fingerprint of the user. In one embodiment, the reading of the fingerprint is performed by a fingerprint sensor integrated into the smart card. In another embodiment the reading of the biometric information of the user is performed by a sensor integrated into the smart card. The indication of whether the flag is set or not set may be done via a storage bit in a non-volatile random access memory, or alternatively, via a capacitor. In one embodiment, the flag may be cleared after a preset time delay.
In another embodiment of the present invention, a computer program product for biometric authentication of a smart card user is provided, the computer program product including a computer readable medium, having computer readable program code embodied in the computer readable medium, the computer readable program code including instructions to bootstrap load the smart card with an input/output operating system, instructions to check whether a flag is set, instructions to read biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set, instructions to set the flag if the user is authenticated according to the biometric information, and instructions to load the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.
In yet another embodiment of the present invention, a biometrically authenticated smart card is provided, including a central processing unit, a first media storing an input/output operating system to bootstrap load the smart card and control the central processing unit before a card operating system is loaded, storage for storing a flag, which is set by the central processing unit if a user is authenticated, a biometric information reader to authenticate a user under control of the input/output operating system if the flag is not set, and a second media storing a card operating system to be loaded into the smart card if the flag is set, the card operating system being distinct from the input/output operating system.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows the architecture of a system according to a preferred embodiment of the invention.
FIG. 2 shows functional operation of the system according to FIG. 1.
FIG. 3 is a flowchart of a method according to the invention.
FIG. 4 shows a smart card according to the prior art.
DETAILED DESCRIPTION
The proposed system is a practical implementation of a system where existing fingerprint or other biometric technology can be integrated with an existing commercial operating system without extensive modifications to the operating system.
One problem that the Applicants have identified with the background art is that smart cards that have biometric identification capability, such as fingerprint identification, require the use of a separate fingerprint reader or biometric reader that is not part of the smart card itself. This limits the use of such smart cards, such that biometric identification is not possible when they are used with existing smart card readers that do not incorporate biometric identification hardware.
Another problem that the Applicants have identified with the background art is that on-chip fingerprint readers known in the art are not compatible with commonly available operating systems.
In one aspect of the invention a smart card is provided where a fingerprint reader or other biometric reader is integrated into the card itself. The biometric reader may also be, for example, a retinal scanner.
In another aspect of the invention a smart card is provided that is compatible with standard operating systems.
These and other aspects of the present invention may employ the system for on chip verification and consequent enablement of card OS operation using smart cards of the exemplary embodiment disclosed herein.
In a preferred embodiment, the system works by having an additional software layer ‘boot’, i.e. bootstrap load itself into a working memory, prior to the commercial card operating system booting. This software layer, or boot loader, provides the drivers and functionality for the finger print sensor and on-card matching. The boot loader will also be referred to as the input/output operating system, or IOS. If the cardholder is successfully authenticated, it then allows an unmodified commercial operating system to boot. Such a commercial operating system for smart cards is referred to herein as a card operating system, Card OS or COS. If the cardholder does not authenticate with the boot loader then the card does not boot the card operating system and thus cannot be used for financial transactions.
An advantage of the invention is the use of a monolithic CPU architecture as currently exists in smart cards. A single CPU is more practical since power and physical real estate are scarce on a smart card. A further advantage of the invention is the use of an existing, unmodified, card operating system. Modifications to the card operating system are expensive to construct and expensive to certify. Yet another advantage of the invention is that it provides a secure means to use a smartcard with biometric authentication with minimal development effort.
The invention will now be described in more detail by way of example with reference to the embodiments shown in the accompanying figures. It should be kept in mind that the following described embodiments are only presented by way of example and should not be construed as limiting the inventive concept to any particular physical configuration.
Further, if used and unless otherwise stated, the terms “upper,” “lower,” “front,” “back,” “over,” “under,” and similar such terms are not to be construed as limiting the invention to a particular orientation. Instead, these terms are used only on a relative basis.
The present invention is directed toward a system for on chip verification and consequent enablement of operation of a card operating system (Card OS) using smart cards.
FIG. 1 shows the architecture of a system according to a preferred embodiment of the invention.
In a preferred embodiment, the card 190 has one CPU 100 but two different operating systems: a conventional card operating system (COS) 110 obtained from a vendor and a custom built I/O (input/output) operating system (IOS) 120. The COS 110 is used to perform financial transactions in the case of a credit card smart card, communicating using known connection standards such as ISO 7816/10536/14443/15693 with a Point of Sale (POS) reader (not shown). COS 110 is preferably not modified, but is used in its existing form as obtained from the vendor. Contacts 130 comply with ISO 7816 in the exemplary embodiment shown. The IOS 120 is used to authenticate a user to the card using a user interface peripheral 180, which can include an on-card fingerprint sensor, or other biometric information reader. The card 190 has a battery 140 and clock 150 so that it can operate independently of a card reader. The card 190 uses storage 160 to hold a “card holder authenticated” flag, e.g. by storing a bit indicating if the flag is set. Storage 160 can be, for example, a non-volatile RAM (NVRAM), or a resistor/capacitor (RC) network set via a General purpose I/O (GPIO) pin.
FIG. 2 shows functional operation of the system according to FIG. 1.
The IOS 120 is always booted first when power is applied. Its purpose is to check if the card 190 is in a “card holder authenticated” mode by reading the status of the flag from storage 160. If the cardholder or user has not been authenticated, then the cardholder is prompted to authenticate using the peripheral 180, which can include an integral finger print sensor or other biometric sensor as previously noted. If the cardholder has already authenticated, the normal card operating system is allowed to boot. If the storage 160 used to hold the flag is an NVRAM, for example, the user can authenticate and then boot the Card OS 110 much later. If the flag is kept in a resistor/capacitor network, then the authentication is allowed to time-out after a given time, i.e. the flag is set by charging a capacitor, but the charge leaks away via a resistor, according to the time constant RC of the network as per well-known principles. Hence, the flag may be cleared, that is to say reset to a not set state, after a preset period of time.
FIG. 3 is a flowchart illustrating the method of the invention.
In step 300 the smart card boots to the IOS 120, then in step 310 the flag in storage 160 is checked. If step 310 detects that the flag is not set, then the method proceeds to read the user's biometric information in step 320, and in step 330 the biometric information is checked for a match. If the biometric information matches and the user is authenticated, then in step 340 the flag is set and then the method returns to step 310, and if not the method returns directly to step 310. If step 310 detects that the flag is set, then in step 350 the card OS is enabled to be loaded, although it may actually be loaded later, subject to a time-out time, and the flag is cleared. In step 360, the user selects a smart card application via the reader, and in step 370 the card is removed.
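The gate described for FIG. 2 and FIG. 3, modelled in C as an added example (not code from the patent): the IOS power-up loop with both flag storage options, showing that the RC flag expires, the NVRAM flag does not, and clearing the flag in step 350 makes each authentication single-use. The template bytes, the exact-match comparison standing in for the on-card matcher, and the RC values (100 s time constant, 3.0 V charge, 1.5 V threshold) are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TEMPLATE_LEN 8

typedef enum { FLAG_NVRAM, FLAG_RC } flag_kind;

/* Storage 160: the "card holder authenticated" flag. */
typedef struct {
    flag_kind kind;
    bool nvram_bit;      /* NVRAM variant: stays set until cleared */
    double volts;        /* RC variant: present capacitor voltage */
    double rc_seconds;   /* assumed time constant R*C (e.g. 10 Mohm * 10 uF) */
    double v_charge;     /* assumed voltage the GPIO pin charges the capacitor to */
    double v_threshold;  /* assumed level above which the pin reads "set" */
} flag_store;

typedef struct {
    flag_store flag;
    unsigned char enrolled[TEMPLATE_LEN]; /* constructed reference template */
    bool cos_loaded;
} card;

/* Constructed sample data: the enrolled finger and a different one. */
static const unsigned char OWNER[TEMPLATE_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char OTHER[TEMPLATE_LEN] = {9, 9, 9, 9, 9, 9, 9, 9};

static void flag_set(flag_store *f) {
    if (f->kind == FLAG_NVRAM) f->nvram_bit = true;
    else f->volts = f->v_charge;
}
static void flag_clear(flag_store *f) { f->nvram_bit = false; f->volts = 0.0; }
static bool flag_is_set(const flag_store *f) {
    return f->kind == FLAG_NVRAM ? f->nvram_bit : f->volts > f->v_threshold;
}

/* Let time pass. The capacitor leaks through the resistor, dV/dt = -V/(RC),
 * integrated in 10 ms Euler steps; the NVRAM bit is unaffected. With the
 * assumed values the flag reads "not set" after RC*ln(3.0/1.5), about 69 s. */
static void flag_elapse(flag_store *f, double seconds) {
    const double dt = 0.01;
    long steps = (long)(seconds / dt + 0.5);
    if (f->kind != FLAG_RC) return;
    for (long i = 0; i < steps; i++) f->volts -= f->volts * dt / f->rc_seconds;
}

static card make_card(flag_kind kind) {
    card c;
    memset(&c, 0, sizeof c);
    c.flag.kind = kind;
    c.flag.rc_seconds = 100.0;
    c.flag.v_charge = 3.0;
    c.flag.v_threshold = 1.5;
    memcpy(c.enrolled, OWNER, TEMPLATE_LEN);
    return c;
}

/* Steps 320-340: read a sample, check for a match, set the flag on success.
 * memcmp is a stand-in; a real on-card matcher scores similarity. */
static bool ios_authenticate(card *c, const unsigned char *sample) {
    if (memcmp(sample, c->enrolled, TEMPLATE_LEN) != 0) return false;
    flag_set(&c->flag);
    return true;
}

/* Steps 300-350, run on every power-up. samples[] models the fingers
 * presented during this session; when they run out the COS stays unloaded. */
static bool ios_boot(card *c, const unsigned char *const *samples, size_t n) {
    size_t i = 0;
    c->cos_loaded = false;               /* step 300: IOS always runs first */
    for (;;) {
        if (flag_is_set(&c->flag)) {     /* step 310 */
            flag_clear(&c->flag);        /* step 350: flag cleared ...      */
            c->cos_loaded = true;        /* ... and card OS enabled         */
            return true;
        }
        if (i == n) return false;        /* nobody authenticated */
        ios_authenticate(c, samples[i++]); /* steps 320-340, back to 310 */
    }
}

int scenario_impostor(void) {
    const unsigned char *const tries[] = {OTHER, OTHER};
    card c = make_card(FLAG_NVRAM);
    return ios_boot(&c, tries, 2);
}
int scenario_retry_then_owner(void) {
    const unsigned char *const tries[] = {OTHER, OWNER};
    card c = make_card(FLAG_NVRAM);
    return ios_boot(&c, tries, 2);
}
/* Authenticate on battery power, wait, then power up with no finger present. */
int scenario_delayed_boot(flag_kind kind, double seconds) {
    card c = make_card(kind);
    ios_authenticate(&c, OWNER);
    flag_elapse(&c.flag, seconds);
    return ios_boot(&c, NULL, 0);
}
/* Step 350 clears the flag, so a second power-up needs a fresh match. */
int scenario_second_power_up(void) {
    card c = make_card(FLAG_NVRAM);
    ios_authenticate(&c, OWNER);
    ios_boot(&c, NULL, 0);
    return ios_boot(&c, NULL, 0);
}

int main(void) {
    printf("impostor: %d\n", scenario_impostor());
    printf("wrong finger then owner: %d\n", scenario_retry_then_owner());
    printf("NVRAM, boot 1 h later: %d\n", scenario_delayed_boot(FLAG_NVRAM, 3600.0));
    printf("RC, boot 60 s later: %d\n", scenario_delayed_boot(FLAG_RC, 60.0));
    printf("RC, boot 80 s later: %d\n", scenario_delayed_boot(FLAG_RC, 80.0));
    printf("second power-up: %d\n", scenario_second_power_up());
    return 0;
}
```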
It should be understood, however, that the invention is not necessarily limited to the specific process, arrangement, materials and components shown and described above, but may be susceptible to numerous variations within the scope of the invention. For example, although the above-described exemplary aspects of the invention are believed to be particularly well suited for smart cards, it is contemplated that the concepts of the present invention can be applied in other applications. For example, the concepts of the present application can be utilized whenever it is desired to verify biometric information before starting a computer operating system.
In addition, embodiments of the present invention may also be delivered as part of a service engagement with a corporation, nonprofit organization, government entity, internal organizational structure, or the like. Aspects of these embodiments may include designing, deploying, and configuring a computing system containing the systems and/or practicing the methods described herein. Further aspects of these embodiments may include analyzing the client's operations, creating recommendations responsive to the analysis, building systems that implement portions of the recommendations, integrating the systems into existing processes and infrastructure, metering use of the systems, allocating expenses to users of the systems, and billing for use of the systems.
It will be apparent to one skilled in the art that the manner of making and using the claimed invention has been adequately disclosed in the above-written description taken together with the drawings.
It will be understood that the above description of the preferred embodiments is susceptible to various modifications, changes and adaptations, and the same are intended to be comprehended within the meaning and range of equivalence of the appended claims.

Claims (19)

1. A method of biometric authentication for a smart card, comprising:
bootstrap loading the smart card with an input/output operating system;
checking whether a flag is set;
reading biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set;
setting the flag if the user is authenticated according to the biometric information; and
loading the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.
2. The method according to claim 1, wherein reading the biometric information of the user comprises reading a fingerprint of the user.
3. The method according to claim 2, wherein reading the fingerprint is performed by a fingerprint sensor integrated into the smart card.
4. The method of claim 1, wherein reading the biometric information of the user is performed by a sensor integrated into the smart card.
5. The method of claim 1, comprising storing a bit, indicating whether the flag is set or not set, in a non-volatile random access memory.
6. The method of claim 1, comprising storing a bit, indicating whether the flag is set or not set, in a capacitor.
7. The method of claim 1, further comprising clearing the flag after a preset time delay.
8. A computer program product for biometric authentication of a smart card user, the computer program product comprising:
a non-transitory computer readable medium having computer readable program code embodied therewith, the computer readable program code including:
instructions to bootstrap load the smart card with an input/output operating system;
instructions to check whether a flag is set;
instructions to read biometric information of a user under control of the input/output operating system to authenticate the user if the flag is not set;
instructions to set the flag if the user is authenticated according to the biometric information; and
instructions to load the smart card with a card operating system if the flag is set, the card operating system being distinct from the input/output operating system.
9. The computer program product according to claim 8, wherein the instructions to read the biometric information of the user comprise instructions to read a fingerprint of the user.
10. The computer program product according to claim 9, wherein the instructions to read the fingerprint cause a fingerprint sensor integrated into the smart card to operate.
11. The computer program product of claim 8, wherein the instructions to read the biometric information of the user cause a sensor integrated into the smart card to operate.
12. The computer program product of claim 8, comprising instructions to store a bit, indicating whether the flag is set or not set, in a non-volatile random access memory.
13. The computer program product of claim 8, comprising instructions to store a bit, indicating whether the flag is set or not set, in a capacitor.
14. The smart card of claim 8, comprising a non-volatile random access memory configured to store a bit indicating whether the flag is set or not.
15. The smart card of claim 8, comprising a capacitor configured to store a bit indicating whether the flag is set or not.
16. The smart card of claim 15, wherein the capacitor is part of a network comprising a resistor, whereby the flag is cleared after a time delay determined by the time constant of the resistor and the capacitor.
17. A biometrically authenticated smart card, comprising:
a central processing unit;
first media storing an input/output operating system configured to bootstrap load the smart card and control the central processing unit before a card operating system is loaded;
storage for storing a flag, which is set by the central processing unit if a user is authenticated;
a biometric information reader configured to authenticate a user under control of the input/output operating system if the flag is not set; and
second media storing a card operating system configured to be loaded into the smart card if the flag is set, the card operating system being distinct from the input/output operating system.
18. The smart card according to claim 17, wherein the biometric information reader is a fingerprint sensor.
19. The smart card of claim 17, wherein the biometric information reader is integrated into the smart card.
US12/411,631 2009-03-26 2009-03-26 On chip verification and consequent enablement of card OS operation in smart cards Expired - Fee Related US8253531B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/411,631 US8253531B2 (en) 2009-03-26 2009-03-26 On chip verification and consequent enablement of card OS operation in smart cards

Publications (2)

Publication Number Publication Date
US20100245037A1 US20100245037A1 (en) 2010-09-30
US8253531B2 true US8253531B2 (en) 2012-08-28

Family

ID=42783429

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/411,631 Expired - Fee Related US8253531B2 (en) 2009-03-26 2009-03-26 On chip verification and consequent enablement of card OS operation in smart cards

Country Status (1)

Country Link
US (1) US8253531B2 (en)

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DAVIS, JOHN F.;OSBORNE, SHELDON M.;REED, FREDERICK I., III;AND OTHERS;SIGNING DATES FROM 20090303 TO 20090317;REEL/FRAME:022454/0858

ZAAA Notice of allowance and fees due

Free format text: ORIGINAL CODE: NOA

ZAAB Notice of allowance mailed

Free format text: ORIGINAL CODE: MN/=.

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362